Hi Brian, > On 2 Nov 2016, at 16:56, Brian Demers <[email protected]> wrote: > > The URLs are just ANT paths: > https://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/AntPathMatcher.html > > <https://shiro.apache.org/static/current/apidocs/org/apache/shiro/util/AntPathMatcher.html> > > So something like this should work: > > [urls] > /index* = ssl, authBasic
Perfect! Works! Thank you very much > > On Wed, Nov 2, 2016 at 11:30 AM, Björn Raupach <[email protected] > <mailto:[email protected]>> wrote: > Hello group, > > is there any support for filtering urls without looking at the extension? > Maybe we have overlooked it. > > In our use case we work with JavaServer Faces (JSF). In web.xml we map the > JSF servlet to .jsf. > > An example shiro.ini: > > [urls] > /index.jsf = ssl, authBasic > > You can bypass the JSF servlet *and* the Shiro Filter by requesting > /index.xhtml. > > The requesting party only gets the xhtml page, with all the JSF spaghetti > included, but it won’t be processed. > > It would be nice to declare /index = ssl, authBasic regardless of the > extension. > > Another option is a deny filter so I could have /index.xhtml = deny for > example. > > Any thoughts on this? > > /Björn >
